How Backup Repository Encryption Works

Product version: 7.3

Last modified: 05 December 2017

Question

How does Backup Repository encryption work on Linux?

Answer

In Linux, NAKIVO Backup & Replication repositories are encrypted using one of the following two approaches:

  • The cryptsetup package encrypts an entire device, which can be used as any other device in the system.

  • The ecryptfs package provides encryption of folders.

Supported Systems

Ubuntu

When you create a Backup Repository on a Ubuntu machine, you can enable encryption for that Backup Repository. The cryptsetup approach will be used for devices and partitions. The file system of the encrypted device/partition will be transformed to ext4.  At the same time, the ecryptfs approach will be used for encrypting folders.

RHEL

When you create a Backup Repository on a Red Hat Enterprise Linux machine, you can enable repository encryption, but only the cryptsetup approach will be used for encrypting the entire device or partition. The file system of the encrypted device/partition will be transformed to ext4.

SLES

On the SUSE Linux Enterprise Server 11 machine, only the cryptsetup encryption approach is available.This approach will transform the file system of an encrypted device/partition to xfs.

On a SLES 12 machine, both encryption approaches can be used when you enable encryption for a Backup Repository. The ecryptfs package will be used for encrypting folders and the cryptsetup package will be used for encrypting devices/partitions. The file system of a fully encrypted device or partition will be transformed to xfs.